NotCVE - vendor:"Collne"

31 results (0.005 seconds)

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-50847 – WordPress Welcart e-Commerce Plugin <= 2.9.3 is vulnerable to SQL Injection

https://notcve.org/view.php?id=CVE-2023-50847

21 Dec 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.3. Neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en Collne Inc. Welcart e-Commerce. Este problema afecta a Welcart e-Commerce: desde n/a hasta 2.9.3. • https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-9-3-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-6120 – Welcart e-Commerce <= 2.9.6 - Authenticated (Administrator+) Directory Traversal

https://notcve.org/view.php?id=CVE-2023-6120

08 Dec 2023 — The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server. El complemento Welcart e-Commerce para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 2.9.6 incluida a través de la función upload_certificate_file. Esto hace posible que los administradores carguen archiv... • https://plugins.trac.wordpress.org/changeset/2992785/usc-e-shop/trunk/classes/paymentPaygent.class.php?contextall=1&old=2880236&old_path=%2Fusc-e-shop%2Ftrunk%2Fclasses%2FpaymentPaygent.class.php • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-5953 – Welcart e-Commerce < 2.9.5 - Subscriber+ Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2023-5953

14 Nov 2023 — The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PHP on the server El complemento Welcart e-Commerce de WordPress anterior a 2.9.5 no valida los archivos que se van a cargar, además de que no tiene autorización ni CSRF en una acción AJAX que maneje dicha carga. Como resultado, cualqui... • https://wpscan.com/vulnerability/6d29ba12-f14a-4cee-baae-a6049d83bce6 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-5951 – Welcart e-Commerce < 2.9.5 - Reflected XSS

https://notcve.org/view.php?id=CVE-2023-5951

10 Nov 2023 — The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin El complemento Welcart e-Commerce de WordPress anterior a 2.9.5 no sanitiza ni escapa un parámetro antes de devolverlo a la página, lo que genera Cross-Site Scripting Reflejado que podría usarse contra usuarios con privilegios elevados, como el administrador. The Welcart ... • https://wpscan.com/vulnerability/81dc093a-545d-4bcd-ab85-ee9472d709e5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-5952 – Welcart e-Commerce < 2.9.5 - Unauthenticated PHP Object Injection

https://notcve.org/view.php?id=CVE-2023-5952

10 Nov 2023 — The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog El complemento Welcart e-Commerce de WordPress anterior a 2.9.5 deserializa la entrada del usuario a través de cookies, lo que podría permitir a usuarios no autenticados realizar inyección de objetos PHP cuando hay un gadget adecuado presente en el blog. The Welcart e-Commerce plugin for WordPress is v... • https://wpscan.com/vulnerability/0acd613e-dbd6-42ae-9f3d-6d6e77a4c1b7 • CWE-502: Deserialization of Untrusted Data •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-43614

https://notcve.org/view.php?id=CVE-2023-43614

26 Sep 2023 — Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. Vulnerabilidad de Cross-Site Scripting (XSS) en la página de edición de datos de pedidos de Welcart e-Commerce versiones 2.7 a 2.8.21 permite que un atacante remoto no autenticado inyecte un script arbitrario. • https://jvn.jp/en/jp/JVN97197972 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-43484

https://notcve.org/view.php?id=CVE-2023-43484

26 Sep 2023 — Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. Vulnerabilidad de Cross-Site Scripting (XSS) en la página Lista de elementos de Welcart e-Commerce versiones 2.7 a 2.8.21 permite que un atacante remoto no autenticado inyecte un script arbitrario. • https://jvn.jp/en/jp/JVN97197972 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-41962

https://notcve.org/view.php?id=CVE-2023-41962

26 Sep 2023 — Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page. Vulnerabilidad de Cross-Site Scripting (XSS) en la página de configuración de pago con tarjeta de crédito de las versiones 2.7 a 2.8.21 de Welcart e-Commerce, permite a un atacante remoto no autenticado inyectar un script arbitrario en la página. • https://jvn.jp/en/jp/JVN97197972 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-41233

https://notcve.org/view.php?id=CVE-2023-41233

26 Sep 2023 — Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. Vulnerabilidad de Cross-Site Scripting (XSS) en el proceso de registro de la página Lista de elementos de Welcart e-Commerce versiones 2.7 a 2.8.21 permite que un atacante remoto no autenticado inyecte un script arbitrario. • https://jvn.jp/en/jp/JVN97197972 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-40532

https://notcve.org/view.php?id=CVE-2023-40532

26 Sep 2023 — Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server. La vulnerabilidad de path traversal en las versiones 2.7 a 2.8.21 de Welcart e-Commerce permite a un usuario con privilegios de autor o superiores obtener información parcial de los archivos en el servidor web. • https://jvn.jp/en/jp/JVN97197972 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

1 2 3 4